Free SC-100 Sample Questions — Microsoft Cybersecurity Architect

Your company has an Azure subscription that uses Azure Storage. The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be time- limited. What should you include in the recommendation?

• A. Configure private link connections
• B. Configure encryption by using customer-managed keys (CMKs)
• C. Share the connection string of the access key
• D. Create shared access signatures (SAS)

Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription. The company uses the following devices: ✑ Computers that run either Windows 10 or Windows 11 ✑ Tablets and phones that run either Android or iOS You need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored. What should you include in the recommendation?

• A. eDiscovery
• B. Microsoft Information Protection
• C. Compliance Manager
• D. retention policies

Your company has on-premises datacenters in Seattle, Chicago, and New York City. You plan to migrate the on-premises workloads to the East US Azure region. You need to design a governance solution for the management group hierarchy. The solution must be based on Microsoft Cloud Adoption Framework for Azure principles and must ensure that the hierarchy aligns with the Azure landing conceptual architecture. What should you use to identify which archetype-aligned management groups to create beneath the landing zones management group?

• A. geographical locations
• B. the internal billing chargeback structure
• C. the hybrid connectivity requirements
• D. software development lifecycle (SDLC) environments

You are designing a new Azure environment based on the security best practices of the Microsoft Cloud Adoption Framework for Azure. The environment will contain one subscription for shared infrastructure components and three separate subscriptions for applications. You need to recommend a deployment solution that includes network security groups (NSGs), Azure Firewall, Azure Key Vault, and Azure Bastion. The solution must minimize deployment effort and follow security best practices of the Microsoft Cloud Adoption Framework for Azure. What should you include in the recommendation?

• A. the Azure landing zone accelerator
• B. the Azure Well-Architected Framework
• C. Azure Security Benchmark v3
• D. Azure Advisor

You are designing a ransomware response plan that follows Microsoft Security Best Practices. You need to recommend a solution to minimize the risk of a ransomware attack encrypting local user files. What should you include in the recommendation?

• A. Windows Defender Device Guard
• B. Microsoft Defender for Endpoint
• C. Azure Files
• D. BitLocker Drive Encryption (BitLocker)
• E. protected folders

You have a multicloud environment that contains Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) subscriptions. You need to discover and review role assignments across the subscriptions. What should you use?

• A. Azure Lighthouse
• B. Microsoft Defender for Identity
• C. Microsoft Entra ID Governance
• D. Microsoft Entra Permissions Management

You need to recommend a solution for securing the landing zones. The solution must meet the landing zone requirements and the business requirements. What should you configure for each landing zone?

• A. an ExpressRoute gateway
• B. Microsoft Defender for Cloud
• C. an Azure Private DNS zone
• D. Azure DDoS Protection Standard

You have an Azure subscription. You have a DNS domain named contoso.com that is hosted by a third-party DNS registrar. Developers use Azure DevOps to deploy web apps to App Service Environments. When a new app is deployed, a CNAME record for the app is registered in contoso.com. You need to recommend a solution to secure the DNS record for each web app. The solution must meet the following requirements: • Ensure that when an app is deleted, the CNAME record for the app is removed also. • Minimize administrative effort. What should you include in the recommendation?

• A. Microsoft Defender for Cloud Apps
• B. Microsoft Defender for DevOps
• C. Microsoft Defender for App Service
• D. Microsoft Defender for DNS

You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft deployment. You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. What should you recommend using in Microsoft Sentinel?

• A. notebooks
• B. playbooks
• C. workbooks
• D. threat intelligence

You have a Microsoft 365 subscription that uses Microsoft Defender XDR and Microsoft Purview. On a Microsoft SharePoint Online site, you have a file named File1 that has a sensitivity label applied. You need to recommend a solution that will reevaluate Conditional Access policies when a user downloads Filel from the SharePoint site. What should you include in the recommendation?

• A. Microsoft Defender for Cloud Apps
• B. Microsoft Defender for Cloud
• C. Microsoft Defender for Office 365
• D. Microsoft Entra application proxy

Your company has an Azure subscription that uses Microsoft Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?

• A. From Azure Policy, assign a built-in initiative that has a scope of the subscription
• B. From Azure Policy, assign a built-in policy definition that has a scope of the subscription
• C. From Defender for Cloud, review the Azure security baseline for audit report
• D. From Defender for Cloud, enable Defender for Cloud plans

You have an Azure subscription and an Azure DevOps organization. You need to recommend a solution for connecting Azure DevOps pipelines to the resources in the subscription by using Azure Resource Manager (ARM) service connections. The solution must align with Microsoft Cloud Adoption Framework for Azure best practices, including the principle of least privilege. What should you include in the recommendation?

• A. service principals and secrets
• B. workload identity federation and service principals
• C. workload identity federation and user-assigned managed identities
• D. workload identity federation and system-assigned managed identities

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD). The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer's security environment. What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

• A. Azure AD Privileged Identity Management (PIM)
• B. role-based authorization
• C. resource-based authorization
• D. Azure AD Multi-Factor Authentication

You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows for the deployment of applications to Azure. You need to recommend what to include in dynamic application security testing (DAST) based on the principles of the Microsoft Cloud Adoption Framework for Azure. What should you recommend?

• A. unit testing
• B. penetration testing
• C. dependency checks
• D. threat modeling

You have Microsoft Defender for Cloud assigned to Azure management groups. You have a Microsoft Sentinel deployment. During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Microsoft Sentinel threat intelligence workbooks
• B. Microsoft Sentinel notebooks
• C. threat intelligence reports in Defender for Cloud
• D. workload protections in Defender for Cloud

You have a Microsoft Entra tenant named contoso.com. You have an external partner that has a Microsoft Entra tenant named fabnkam.com. You need to recommend an identity governance solution for contoso.com that meets the following requirements: • Enables the users in contoso.com and fabrikam.com to communicate by using shared Microsoft Teams channels • Manages access to shared Teams channels in contoso.com by using groups in fabrikam.com • Supports single sign-on (SSO) • Minimizes administrative effort • Maximizes security What should you include in the recommendation?

• A. Cross-tenant synchronization
• B. Microsoft Entra B2B collaboration
• C. B2B direct connect
• D. Microsoft Entra Connect Sync

You are designing the security standards for a new Azure environment. You need to design a privileged identity strategy based on the Zero Trust model. Which framework should you follow to create the design?

• A. Microsoft Security Development Lifecycle (SDL)
• B. Enhanced Security Admin Environment (ESAE)
• C. Rapid Modernization Plan (RaMP)
• D. Microsoft Operational Security Assurance (OSA)

Your company plans to provision blob storage by using an Azure Storage account. The blob storage will be accessible from 20 application servers on the internet. You need to recommend a solution to ensure that only the application servers can access the storage account. What should you recommend using to secure the blob storage?

• A. managed rule sets in Azure Web Application Firewall (WAF) policies
• B. inbound rules in network security groups (NSGs)
• C. firewall rules for the storage account
• D. inbound rules in Azure Firewall
• E. service tags in network security groups (NSGs)

You have Windows 11 devices and Microsoft 365 E5 licenses. You need to recommend a solution to prevent users from accessing websites that contain adult content such as gambling sites. What should you include in the recommendation?

• A. Compliance Manager
• B. Microsoft Defender for Cloud Apps
• C. Microsoft Endpoint Manager
• D. Microsoft Defender for Endpoint

Your company has a Microsoft 365 ES subscription. The Chief Compliance Officer plans to enhance privacy management in the working environment. You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements: ✑ Identify unused personal data and empower users to make smart data handling decisions. ✑ Provide users with notifications and guidance when a user sends personal data in Microsoft Teams. ✑ Provide users with recommendations to mitigate privacy risks. What should you include in the recommendation?

• A. communication compliance in insider risk management
• B. Microsoft Viva Insights
• C. Privacy Risk Management in Microsoft Priva
• D. Advanced eDiscovery